iangcarroll / cookiemonsterLinks
πͺ CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.
β951Updated 10 months ago
Alternatives and similar repositories for cookiemonster
Users that are interested in cookiemonster are comparing it to the libraries listed below
Sorting:
- A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..eβ¦β999Updated last year
- Scrape domain names from SSL certificates of arbitrary hostsβ687Updated last year
- The most exhaustive list of reliable DNS resolvers.β896Updated this week
- Go client to communicate with Chaos DB API.β795Updated last week
- REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applicationsβ1,263Updated 3 months ago
- Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hacβ¦β1,030Updated 2 months ago
- Accept URLs on stdin, replace all query string values with a user-supplied valueβ845Updated 2 years ago
- DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelβ¦β1,029Updated 10 months ago
- Obtain GraphQL API schema even if the introspection is disabledβ1,310Updated 3 months ago
- HTTP Request Smuggling over HTTP/2 Cleartext (h2c)β762Updated 3 years ago
- Extract URLs, paths, secrets, and other interesting bits from JavaScriptβ1,689Updated last year
- Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one plβ¦β1,022Updated 2 months ago
- a javascript change monitoring tool for bugbountiesβ688Updated last year
- Tool to check for dependency confusion vulnerabilities in multiple package management systemsβ769Updated last year
- MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filteringβ¦β1,529Updated last week
- Golang client for querying SecurityTrails API dataβ574Updated 2 years ago
- bypass-url-parserβ1,101Updated this week
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerabilityβ926Updated 3 years ago
- Free, libre, effective, and data-driven wordlists for all!β637Updated 4 years ago
- declutters url lists for crawling/pentestingβ1,479Updated 8 months ago
- Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!β1,223Updated this week
- Making Favicon.ico based Recon Great again !β1,242Updated 2 years ago
- Fetches javascript file from a list of URLS or subdomains.β814Updated 4 months ago
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devicesβ635Updated 4 months ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable β¦β690Updated last year
- PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.β1,236Updated last year
- Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!β968Updated last year
- Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlistsβ758Updated 2 years ago
- A Chrome Extension to track postMessage usage (url, domain and stack) both by logging using CORS and also visually as an extension-iconβ1,249Updated last year
- A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given targetβ1,424Updated last month